Office 365 Trust Center

Your people and your data are your most important assets and so, as you consider Office 365 for your productivity needs, we want to do our best to answer your top questions upfront. Trust Center is the place where we share our commitments and information on trust-related topics.

With Office 365, it’s your data. You own it. You control it. And it is yours to take with you if you decide to leave the service. The core tenets of our approach to earning and maintaining your trust are:

This new From Inside the Cloud blog post shows how we continuously meet the compliance needs of your organization. Shawn Veney provides a view into our approach to regulatory compliance: how we go beyond the checkbox approach and use compliance with standards and regulations to fulfil customers’ key requirements, like location of data in certain regions, data security, and privacy.

This new From Inside the Cloud blog highlights how we manage who has access to your data in the service and gives specifics from Perry Clarke and Vivek Sharma about how Office 365 maintains the service and does not expose customer data to engineers during trouble shooting activities.

Read insights into how our contractual commitments for Office 365 and other cloud services for business, Microsoft Azure, Microsoft Dynamics CRM, and Windows Intune, are now recognized as meeting the rigorous standards of European Union (EU) privacy law.

Find out more about our commitment to running highly available services and our service level agreement. See how we measure availability and see our worldwide uptime numbers for Office 365 over the last six quarters.

Office 365 is a security-hardened service, designed following the
Microsoft Security Development Lifecycle. We bring together the best practices from two decades of building enterprise software and managing online services to give you an integrated software-as-a-service solution.

At the service level, Office 365 uses the defense-in-depth approach to provide physical, logical, and data layers of security features and operational best practices. In addition, Office 365 gives you enterprise-grade, user and admin controls to further secure your environment.

This white paper gives a look at how the Global Foundation Services organization operates with an emphasis on the Information Security Management Forum, Risk Management program the and Information Security Policy program from the OSSC ISMS.

Hear how zero elevated access within the service is enabled by our underlying Roles-based Access Control (RBAC) and PowerShell infrastructures. These infrastructures make sure that anyone who needs to administer the underlying service goes through a process to get privileges before they start.

Following the why-we-built-Exchange-the-way-we-did theme, hear as we take time to explain some architectural changes that have been made to Exchange over successive releases.

When you entrust your data to Office 365 you remain the sole owner of the data: you retain the rights, title, and interest in the data you store in Office 365. It’s our policy to not mine your data for advertising purposes or use your data except for purposes consistent with providing you cloud productivity services.

Data ownership and what it means

You are the owner of the data; Microsoft is the custodian or the processor of your data.

Our role as data processor

We regularly disclose the number of law enforcement requests we receive through our
transparency reports.

If a government approaches us for access to customer data, we redirect the inquiry to you, the customer, whenever possible and have and will challenge in court any invalid legal demand that prohibits disclosure of a government request for customer data.

Privacy controls

Privacy controls allow you to configure who in your organization has access and what they can access.

Design elements prevent mingling of your data with that of other organizations using Office 365.

Extensive auditing and supervision prevent admins to get unauthorized access to your data.

Detailed content

Read how the Microsoft approach ensures that our customers’ data in our enterprise services remains private. Details include the ways in which we ensure our services protect privacy, to ensuring our customers make informed choices to protect their data privacy in the cloud.

Blogs

This new From Inside the Cloud blog highlights how we manage who has access to your data in the service and gives specifics from Perry Clarke and Vivek Sharma about how Office 365 maintains the service and does not expose customer data to engineers during trouble shooting activities.

In light of recent allegations, see how we’ve taken immediate and coordinated action in the areas of expanding encryption, and reinforcing legal protections while increasing transparency.

Office 365 is a global service and continuous compliance refers to our commitment to evolve the Office 365 controls and stay up to date with standards and regulations that apply to your industry and geography. Because regulations often share the same or similar controls, this makes it easier for Microsoft to meet the requirements of new regulations or those specific to your organization and industry.

In addition, Office 365 provides admin and user controls, including eDiscovery, legal hold, and data loss prevention, to help you meet internal compliance requirements. These require no additional on-premises infrastructure to use.

Independent verification

Our data processing agreement details privacy, security, and handling of customer data, which helps you comply with local regulations.

Proactive approach to regulatory compliance

We have built over 900 controls in the Office 365 compliance framework that enable us to stay up to date with the ever-evolving industry standards.

A specialist compliance team is continuously tracking standards and regulations, developing common control sets for our product team to build into the service.

Customer controls for organizational compliance

Legal hold and eDiscovery built into the service help you find, preserve, analyze, and package electronic content (often referred to as electronically stored information or ESI) for a legal request or investigation. Privacy controls allow you to configure who in your organization has access and what they can access.

Blogs

This new From Inside the Cloud blog post shows how we continuously meet the compliance needs of your organization. Shawn Veney provides a view into our approach to regulatory compliance: how we go beyond the checkbox approach and use compliance with standards and regulations to fulfil customers’ key requirements, like location of data in certain regions, data security, and privacy.

In this episode we discuss the need to classify and segregate data to enable cloud migration while still maintaining regulatory and standards requirements applicable to sensitive data.

Moving to a cloud service shouldn’t mean losing access to knowing what’s going on. With Office 365, it doesn’t. We aim to be transparent in our operations so you can monitor the state of your service, track issues, and have historical view of availability.

We enable you to find out whether someone has accessed your data. We know that in the cloud, data access is one of your main concerns. This means both knowing that you will be able to access your data when you need to and knowing whether someone else has accessed your data. Read who can access your information and under what circumstances it can be accessed.

Detailed content

Read this white paper for a view into a standardized set of data center metrics called Power Usage Effectiveness (PUE), the processes, methods, and new technologies to improve energy efficiency and business computing ecosystems in data centers.

This paper describes how the Microsoft Global Foundation Services team manages and operates the company’s vast data center, and rightsizes its servers to achieve maximum efficiency. The process focuses on the collection of detailed performance data using representative workloads, and then analyzing that data set to select balanced servers that are optimally sized for production scenarios.

Blogs

This new From Inside the Cloud blog highlights how we manage who has access to your data in the service and gives specifics from Perry Clarke and Vivek Sharma about how Office 365 maintains the service and does not expose customer data to engineers during trouble shooting activities.

In an effort to improve communications, we’ve added Message Center. The Message Center helps inform Office 365 admins about new features and actions they need to take to keep their Office 365 service running smoothly.

Hear how as a commitment to running a highly available service, we have a Service Level Agreement of 99.9% uptime that is financially backed. See how we measure availability and see our worldwide uptime number for Office 365 over the last four quarters.

Welcome

With Office 365, it’s your data. You own it. You control it. And it is yours to take with you if you decide to leave the service. The core tenets of our approach to earning and maintaining your trust are:

This new From Inside the Cloud blog post shows how we continuously meet the compliance needs of your organization. Shawn Veney provides a view into our approach to regulatory compliance: how we go beyond the checkbox approach and use compliance with standards and regulations to fulfil customers’ key requirements, like location of data in certain regions, data security, and privacy.

This new From Inside the Cloud blog highlights how we manage who has access to your data in the service and gives specifics from Perry Clarke and Vivek Sharma about how Office 365 maintains the service and does not expose customer data to engineers during trouble shooting activities.

Read insights into how our contractual commitments for Office 365 and other cloud services for business, Microsoft Azure, Microsoft Dynamics CRM, and Windows Intune, are now recognized as meeting the rigorous standards of European Union (EU) privacy law.

Find out more about our commitment to running highly available services and our service level agreement. See how we measure availability and see our worldwide uptime numbers for Office 365 over the last six quarters.

Built-in security

Office 365 is a security-hardened service, designed following the
Microsoft Security Development Lifecycle. We bring together the best practices from two decades of building enterprise software and managing online services to give you an integrated software-as-a-service solution.

At the service level, Office 365 uses the defense-in-depth approach to provide physical, logical, and data layers of security features and operational best practices. In addition, Office 365 gives you enterprise-grade, user and admin controls to further secure your environment.

This white paper gives a look at how the Global Foundation Services organization operates with an emphasis on the Information Security Management Forum, Risk Management program the and Information Security Policy program from the OSSC ISMS.

Hear how zero elevated access within the service is enabled by our underlying Roles-based Access Control (RBAC) and PowerShell infrastructures. These infrastructures make sure that anyone who needs to administer the underlying service goes through a process to get privileges before they start.

Following the why-we-built-Exchange-the-way-we-did theme, hear as we take time to explain some architectural changes that have been made to Exchange over successive releases.

Privacy by design

The Office 365 Trust Center

When you entrust your data to Office 365 you remain the sole owner of the data: you retain the rights, title, and interest in the data you store in Office 365. It’s our policy to not mine your data for advertising purposes or use your data except for purposes consistent with providing you cloud productivity services.

Data ownership and what it means

You are the owner of the data; Microsoft is the custodian or the processor of your data.

Our role as data processor

We regularly disclose the number of law enforcement requests we receive through our
transparency reports.

If a government approaches us for access to customer data, we redirect the inquiry to you, the customer, whenever possible and have and will challenge in court any invalid legal demand that prohibits disclosure of a government request for customer data.

Privacy controls

Privacy controls allow you to configure who in your organization has access and what they can access.

Design elements prevent mingling of your data with that of other organizations using Office 365.

Extensive auditing and supervision prevent admins to get unauthorized access to your data.

Detailed content

Read how the Microsoft approach ensures that our customers’ data in our enterprise services remains private. Details include the ways in which we ensure our services protect privacy, to ensuring our customers make informed choices to protect their data privacy in the cloud.

Blogs

This new From Inside the Cloud blog highlights how we manage who has access to your data in the service and gives specifics from Perry Clarke and Vivek Sharma about how Office 365 maintains the service and does not expose customer data to engineers during trouble shooting activities.

In light of recent allegations, see how we’ve taken immediate and coordinated action in the areas of expanding encryption, and reinforcing legal protections while increasing transparency.

Continuous compliance

Office 365 is a global service and continuous compliance refers to our commitment to evolve the Office 365 controls and stay up to date with standards and regulations that apply to your industry and geography. Because regulations often share the same or similar controls, this makes it easier for Microsoft to meet the requirements of new regulations or those specific to your organization and industry.

In addition, Office 365 provides admin and user controls, including eDiscovery, legal hold, and data loss prevention, to help you meet internal compliance requirements. These require no additional on-premises infrastructure to use.

Independent verification

Our data processing agreement details privacy, security, and handling of customer data, which helps you comply with local regulations.

Proactive approach to regulatory compliance

We have built over 900 controls in the Office 365 compliance framework that enable us to stay up to date with the ever-evolving industry standards.

A specialist compliance team is continuously tracking standards and regulations, developing common control sets for our product team to build into the service.

Customer controls for organizational compliance

Legal hold and eDiscovery built into the service help you find, preserve, analyze, and package electronic content (often referred to as electronically stored information or ESI) for a legal request or investigation. Privacy controls allow you to configure who in your organization has access and what they can access.

Blogs

This new From Inside the Cloud blog post shows how we continuously meet the compliance needs of your organization. Shawn Veney provides a view into our approach to regulatory compliance: how we go beyond the checkbox approach and use compliance with standards and regulations to fulfil customers’ key requirements, like location of data in certain regions, data security, and privacy.

In this episode we discuss the need to classify and segregate data to enable cloud migration while still maintaining regulatory and standards requirements applicable to sensitive data.

Transparent operations

The Office 365 Trust Center

Moving to a cloud service shouldn’t mean losing access to knowing what’s going on. With Office 365, it doesn’t. We aim to be transparent in our operations so you can monitor the state of your service, track issues, and have historical view of availability.

We enable you to find out whether someone has accessed your data. We know that in the cloud, data access is one of your main concerns. This means both knowing that you will be able to access your data when you need to and knowing whether someone else has accessed your data. Read who can access your information and under what circumstances it can be accessed.

Detailed content

Read this white paper for a view into a standardized set of data center metrics called Power Usage Effectiveness (PUE), the processes, methods, and new technologies to improve energy efficiency and business computing ecosystems in data centers.

This paper describes how the Microsoft Global Foundation Services team manages and operates the company’s vast data center, and rightsizes its servers to achieve maximum efficiency. The process focuses on the collection of detailed performance data using representative workloads, and then analyzing that data set to select balanced servers that are optimally sized for production scenarios.

Blogs

This new From Inside the Cloud blog highlights how we manage who has access to your data in the service and gives specifics from Perry Clarke and Vivek Sharma about how Office 365 maintains the service and does not expose customer data to engineers during trouble shooting activities.

In an effort to improve communications, we’ve added Message Center. The Message Center helps inform Office 365 admins about new features and actions they need to take to keep their Office 365 service running smoothly.

Hear how as a commitment to running a highly available service, we have a Service Level Agreement of 99.9% uptime that is financially backed. See how we measure availability and see our worldwide uptime number for Office 365 over the last four quarters.